' Daily Top 10' Alert

Daily Top 10 is a spam email created to download and install Trojan-Downloader.Agent.EL onto the user's computer system. Once the user receives the Daily Top 10 email, he/she will believe it's a legitimate email sent by and will open it. The email claims to contain the top ten stories of the day; however, none of the links provided lead to any top story. If the user clicks on any of the links, he/she will be redirected to a website that may display a message stating that the latest Flash player version is needed to view the site.

When the user downloads the update, he/she is actually downloading Trojan-Downloader.Agent.EL disguised as the file get_flash_update.exe. Trojan-Downloader.Agent.EL will open a conduit in the user's computer through which additional malware and rogue anti-spyware programs will be downloaded and installed. The most common rogue installed by Trojan-Downloader.Agent.EL is Antivirus XP 2008.

In addition, the user's desktop background and screensaver may be hijacked. The desktop may display a rogue alert notification stating that the user's computer is flooded with spyware, and the screensaver may switch to the SysInternals BlueScreen Screen Saver. These malicious mechanisms may cause a crash in the computer's operating system, which will finally lead to a Blue Screen of Death (BSOD). The BSOD message may read:


Trojan-Downloader.Agent.EL downloads may cause fake popups and system alert messages that interfere with the user's workflow. Trojan-Downloader.Agent.EL is also known to modify the user's Windows Registry.

File System Details

' Daily Top 10' Alert may create the following file(s):

Registry Details

' Daily Top 10' Alert may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispScrSavPage"
HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "lphcjkrj0etfg"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispBackgroundPage"
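
A defender can check an exported registry file for the entries listed above. The Python below is an added example, not part of the original page; it assumes the hives were exported as .reg text and already decoded to a string, and the function names and the sample export are constructed for illustration.

```python
import re
# Registry entries listed on this page; value name None means "the key exists".
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispScrSavPage"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispBackgroundPage"),
    (r"HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver", None),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "SMrhcnkrj0etfg"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "lphcjkrj0etfg"),
]
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

def parse_reg_export(text):
    """Return {lowercased key path: {lowercased value name: raw data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            # A leading '-' marks a key deletion in a .reg file, not a present key.
            current = None if key.startswith("-") else keys.setdefault(key.lower(), {})
            continue
        m = VALUE_LINE.match(line)
        # '"name"=-' deletes a value, so it is not recorded as present.
        if m and current is not None and m.group("data") != "-":
            current[m.group("name").lower()] = m.group("data")
    return keys

def find_indicators(text):
    """List (key, value name, data) for each page-listed entry present in the export."""
    keys, hits = parse_reg_export(text), []
    for key, name in INDICATORS:
        values = keys.get(key.lower())  # registry paths and names are case-insensitive
        if values is not None and name is None:
            hits.append((key, None, None))
        elif values is not None and name.lower() in values:
            hits.append((key, name, values[name.lower()]))
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcjkrj0etfg"="C:\\WINDOWS\\system32\\lphcjkrj0etfg.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"nodispscrsavpage"=dword:00000001
"NoDispBackgroundPage"=-
'''
```

Calling `find_indicators(SAMPLE)` reports the Run value and the screensaver policy value, and ignores the unrelated Run entry and the deleted `NoDispBackgroundPage` value.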

